Introduction
iptables duplicates its work for each address family (separate ip_tables and ip6_tables code paths) and uses a socket-option protocol that is far too static: every change fetches and writes back the whole ruleset. Xtables2 is an ongoing effort to evolve the packet filter.
It aims to provide finer-grained modification (changing individual rules instead of replacing the whole ruleset).
Capabilities
- rule packing: rules are stored contiguously to increase cache hits.
- family independent: no more IPv4- and IPv6-specific code. Only the hooks remain family-specific, since they depend on the core network stack.
- xt extension support: the existing xt_* match and target extensions keep working.
- atomic replace support: a ruleset can be swapped in as a single operation.
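The following toy model shows why the whole-ruleset replace in the introduction is "too static" and what the finer-grained and atomic operations above buy. It is an added example written for this page, not xtables2 or libxtadm code: `ReplaceOnlyTable` mirrors the iptables round trip (fetch the whole table, modify it in userspace, push the whole table back), while `FineGrainedTable` is a hypothetical per-rule interface of the kind Xtables2 aims for. The rules and the interleaving of the two "administrators" are constructed inputs.

```python
"""Toy model: whole-ruleset replace versus per-rule modification.

Constructed example for this page; not xtables2/libxtadm code.  The
replace-only side mirrors the iptables get-whole-table / set-whole-table
round trip; the fine-grained side is a hypothetical per-rule interface.
"""
import threading
from dataclasses import dataclass


@dataclass
class Rule:
    family: str   # "ipv4" or "ipv6" (constructed sample values)
    match: str    # e.g. "tcp dport 22"
    target: str   # e.g. "ACCEPT"


class ReplaceOnlyTable:
    """Kernel table offering only get_entries()/replace(), iptables-style.

    Each userspace change is a read-modify-write of the whole blob, so the
    bytes crossing the socket grow with ruleset size, and two editors that
    overlap race: the later replace() silently drops the earlier change.
    """

    def __init__(self):
        self.rules = []
        self.rules_copied = 0          # rules serialised across the socket
        self._lock = threading.Lock()

    def get_entries(self):
        with self._lock:
            self.rules_copied += len(self.rules)
            return list(self.rules)

    def replace(self, new_rules):
        with self._lock:
            self.rules_copied += len(new_rules)
            self.rules = list(new_rules)


class FineGrainedTable:
    """Hypothetical table with atomic per-rule operations; no blob is
    copied, and no userspace snapshot can go stale between calls."""

    def __init__(self):
        self.rules = []
        self.rules_copied = 0
        self._lock = threading.Lock()

    def append(self, rule):
        with self._lock:
            self.rules_copied += 1
            self.rules.append(rule)


def iptables_style_append(table, rule):
    """The two halves of an `iptables -A`: fetch the blob, then push the
    modified blob.  A generator, so the caller controls the interleaving."""
    snapshot = table.get_entries()
    yield                           # another administrator may run here
    snapshot.append(rule)
    table.replace(snapshot)
    yield


def race_replace_only():
    """Two overlapping appends on a replace-only table: one rule is lost."""
    t = ReplaceOnlyTable()
    t.replace([Rule("ipv4", "state ESTABLISHED", "ACCEPT")])
    a = iptables_style_append(t, Rule("ipv4", "tcp dport 22", "ACCEPT"))
    b = iptables_style_append(t, Rule("ipv4", "tcp dport 443", "ACCEPT"))
    next(a); next(b)                # both fetch the same 1-rule blob
    next(a); next(b)                # A writes 2 rules, B overwrites with its 2
    return [r.match for r in t.rules]   # "tcp dport 22" is gone


def race_fine_grained():
    """The same three rules appended through per-rule operations."""
    t = FineGrainedTable()
    for m in ("state ESTABLISHED", "tcp dport 22", "tcp dport 443"):
        t.append(Rule("ipv4", m, "ACCEPT"))
    return [r.match for r in t.rules]


def transfer_cost(n):
    """Rules serialised to build an n-rule table one rule at a time:
    n**2 with whole-table replace, n with per-rule operations."""
    ro, fg = ReplaceOnlyTable(), FineGrainedTable()
    for i in range(n):
        r = Rule("ipv6", f"tcp dport {1000 + i}", "DROP")
        for _ in iptables_style_append(ro, r):
            pass                    # drive both halves to completion
        fg.append(r)
    return ro.rules_copied, fg.rules_copied


if __name__ == "__main__":
    print("replace-only after race:", race_replace_only())
    print("fine-grained after race:", race_fine_grained())
    print("rules copied for 10 appends (replace-only, fine-grained):", transfer_cost(10))
```

The lost update in `race_replace_only` is the race the real iptables can only paper over in userspace with its xtables lock (`-w`/`--wait`); a kernel-side per-rule or atomic-replace interface removes the stale-snapshot window instead of serialising callers around it. The quadratic copy count in `transfer_cost` is the other half of "too static": the cost of a one-rule change scales with the size of the whole ruleset.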
The Xtables2 syntax is similar to that of iptables but not identical. libxtadm is a high-level library for ruleset inspection and manipulation.
More info: xtables.de